US Executive Order Removes Privacy Protections for Foreigners (Including Canadians)

On January 25th, President Trump signed an Executive Order effectively terminating privacy protections in the US for those living outside of the United States (Order). The Order requires that all US government offices remove privacy policies protecting non-US citizens. Such policies act a chief source of privacy protection from US Government intelligence gathering entities.

The US Privacy Act of 1974, 5 USC §552a provides privacy protection to US citizens and lawful permanent residents, but does not extend those protections to foreigners. Foreigners are similarly excluded from privacy protections guaranteed to citizens under the Fourth Amendment of the Constitution.

Policies fill a necessary gap in privacy protection for foreigners by way of entity-specific directives. The Department of Homeland Security (DHS) has used the policy based approach since 2009 to extend some of the protections of the Privacy Act to non-US persons (Privacy Policy Guidance Memorandum, No 2007-1). The DHS policy ensures that any personally identifiable information (PII) that is collected used, maintained and/or disseminated in connection with an information system that also carries information about US citizens shall be treated as information subject to the Privacy Act, regardless of whether the information pertains to a US citizen, legal permanent resident, visitor, or alien.

The Order also raises concerns for European Privacy watchdogs over the future of the EU-US Privacy Shield and the EU-US Data Protection Umbrella Agreement. However, the Executive Order only demands compliance to the extent consistent with applicable law.